CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
40.7%
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet’s web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages. In addition, new mod_ssl packages have been prepared for all platforms, and new PHP packages have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already uses PHP 4.3.3). In -current, these packages also move the Apache module directory from /usr/libexec to /usr/libexec/apache. Links for all of these related packages are provided below.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2003-308-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(18742);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2003-0542");
script_xref(name:"SSA", value:"2003-308-01");
script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)");
script_summary(english:"Checks for updated packages in /var/log/packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Slackware host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Apache httpd is a hypertext transfer protocol server, and is used by
over two thirds of the Internet's web sites. Upgraded Apache packages
are available for Slackware 8.1, 9.0, 9.1, and -current. These fix
local vulnerabilities that could allow users who can create or edit
Apache config files to gain additional privileges. Sites running
Apache should upgrade to the new packages. In addition, new mod_ssl
packages have been prepared for all platforms, and new PHP packages
have been prepared for Slackware 8.1, 9.0, and - -current (9.1 already
uses PHP 4.3.3). In -current, these packages also move the Apache
module directory from /usr/libexec to /usr/libexec/apache. Links for
all of these related packages are provided below."
);
# http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.559833
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1c39b7c6"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected apache, mod_ssl and / or php packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mod_ssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
script_set_attribute(attribute:"patch_publication_date", value:"2003/11/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Slackware Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("slackware.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
flag = 0;
if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"8.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"8.1", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.0", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.0", pkgname:"php", pkgver:"4.3.3", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.1", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", pkgname:"mod_ssl", pkgver:"2.8.16_1.3.29", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", pkgname:"php", pkgver:"4.3.3", pkgarch:"i486", pkgnum:"3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
slackware | slackware_linux | apache | p-cpe:/a:slackware:slackware_linux:apache |
slackware | slackware_linux | mod_ssl | p-cpe:/a:slackware:slackware_linux:mod_ssl |
slackware | slackware_linux | php | p-cpe:/a:slackware:slackware_linux:php |
slackware | slackware_linux | cpe:/o:slackware:slackware_linux | |
slackware | slackware_linux | 8.1 | cpe:/o:slackware:slackware_linux:8.1 |
slackware | slackware_linux | 9.0 | cpe:/o:slackware:slackware_linux:9.0 |
slackware | slackware_linux | 9.1 | cpe:/o:slackware:slackware_linux:9.1 |